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DETAILED ACTION 
Specification 

1 . The abstract of the disclosure is objected to because on it is recited of "patents" 
on the applicant's line 10 which should recite "packets" instead. Correction is required. 
See MPEP§ 608.01(b). 

Claim Objections 

2. Claim 35 is objected to because of the following informalities: It is recited in 
claim 35 "The routing device of claim 36" which appears to depend upon claim 26 since 
there is no claim 36. The examiner is interpreting claim 35 as depending upon claim 26. 
Appropriate correction is required. 



Claim Rejections - 35 USC § 102 



3. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 
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4. Claims 1-4,15-18,26,28,29, and 33-35 are rejected under 35 U.S.C. 102(e) as 
being anticipated by Joyce, U.S. Patent 6,519,703. 

As per claims 1,15, and 26, Joyce discloses of a method for a firewall (routing 
device) that comprises a detection module to detect the presence of a network attack, a 
network interface to receive an inbound packet from the network, and a routing engine 
to selectively process the packet using a heuristic stage (software process/mode) or an 
interrupt driven service routine (mode) based on the detection of a network attack (col. 
2, lines 30-57). The examiner is interpreting the interrupt driven service routine as 
being packets rated as "high confidence" and are released into the traditional firewall 
rule base for further processing, see column 2, lines 47-51 . 

As per claim 2, the teachings of Joyce disclose that the event comprises a 
network attack (col. 2, lines 57-60). 

As per claim 3, Joyce discloses of invoking a service routine using a software 
interrupt when the event is not detected and invoking a software process using to 
initiate (via a wakeup signal) the further processing of a suspicious packet (col. 2, lines 
30-57). 

As per claims 4 and 17, it is disclosed by Joyce of detecting the presence of an 
event comprises detecting the event based on a traffic level of inbound packets 
received by a firewall (router)(col. 3, lines 1 9-25 and col. 4, lines 35-39). 

As per claim 16, Joyce teaches of selectively processing the packet using a 
heuristic stage (software process/mode) or an interrupt driven service routine (mode) 
based on the detection of a network attack (col. 2, lines 30-57). 
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As per claim 18, Joyce discloses that the detection module detects the presence 
of a denial of service attack (col. 4, lines 32-43). 

As per claims 28 and 29, Joyce teaches of a network service module being 
invoked in response to a hardware interrupt from the network interface and a set of 
packet service routines to service inbound packets in accordance with a plurality of 
network protocols (col. 2, lines 30-57 and col. 3, lines 29-58). A service routine is 
invoked using a software interrupt when the event is not detected and invoking a 
software process using to initiate (via a wakeup signal) the further processing of a 
suspicious packet (col. 2, lines 30-57). 

As per claim 33, it is disclosed by Joyce of detecting the presence of an event 
comprises detecting the event based on a traffic level of inbound packets received by a 
firewall (router)(col. 3, lines 19-25 and col. 4, lines 35-39), wherein the event is a 
network attack (col. 2, lines 57-60). 

As per claim 34, Joyce discloses that the detection module detects the presence 
of a denial of service attack (col. 4, lines 32-43). 

As per claim 35, Joyce teaches of detecting the presence of an event comprises 
detecting the event based on a traffic level of inbound packets received by a firewall 
(router)(col. 3, lines 19-25 and col. 4, lines 35-39), wherein the event is a network attack 
(col. 2, lines 57-60). It is interpreted by the examiner that a pointer is selected from a 
table of pointers since it determines the mode of operation based on the severity of the 
packet rating. 
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5. Claims 5-14 and 19-25 are rejected under 35 U.S.C. 102(e) as being anticipated 
by Gleichauf et al, U.S. Patent 6,301 ,668. 

As per claims 5 and 19, Gleichauf et al discloses of method and of a computer 
readable medium containing instructions for a processor to process network traffic 
(packets )(col. 2, lines 56-60; col. 7, lines 1-3; and col. 14, lines 30-31). Inbound traffic 
(packets) are received from a network and the traffic (packets) is then processed by a 
software process to detect attacks (col. 2, lines 56-66). The usage rate is controlled by 
which the software process uses computing resources to process the traffic 
(packets)(col. 8, lines 27-32,49-52, & 58-62). 

As per claim 6, Gleichauf et al teaches of controlling the usage rate includes 
determining an execution period that the software process has executed (col. 8, lines 
49-62). It is interpreted that a context switch is not used within the teachings of 
Gleichauf et al since it is not disclosed. 

As per claim 7, Gleichauf et al discloses of controlling the usage rate comprises 
pausing execution of the software process for a sleep period when the execution period 
exceeds a threshold (col. 8, lines 58-65). 

As per claim 8, the teachings of Gleichauf et al disclose of adjusting the sleep 
period during the network attack (col. 8, line 49 through col. 9, line 3). 

As per claims 9 and 20, Gleichauf et al discloses of processing the traffic 
(packe.ts) by initiating (invoking) a packet service routine from the software process (col. 
8, lines 27-32,58-62). 



Application/Control Number: 09/854,810 Page 6 

Art Unit: 2131 

As per claims 10 and 21 , Gleichauf et al teaches of setting a rate limiting 
operating mode based on traffic level of inbound traffic (packets) and selectively 
initiating (invoking) packet service routines from the software process (col. 8, lines 49- 
65). 

As per claims 1 1 and 22, Gleichauf et al discloses of initiating (invoking) a packet 
service routine from the software process (col. 8, lines 27-32,58-62). It is interpreted by 
the examiner that a pointer is selected from a table of pointers since it determines the 
mode of operation based on the usage levels. 

As per claims 12 and 23, it is taught by Gleichauf et al of detecting the presence 
of a network attack (col. 8, lines 42-45). 

As per claims 13 and 24, Gleichauf et al teaches of detecting the presence of the 
network attack comprises detecting the network attack based on bandwidth (traffic level) 
of inbound traffic (packets)(col. 8, lines 42-45,56-57). 

As per claims 14 and 25, Gleichauf et al discloses of detecting denial of service 
attacks (col. 8, lines 42-45,56-57). 
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Claim Rejections - 35 USC § 103 

6. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

7. Claims 27 and 30-32 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Joyce, U.S. Patent 6,519,703 in view of Gleichauf et al, U.S. Patent 6,301 ,668. 

As per claim 27, Joyce disclose of selectively process the packet using a 
heuristic stage (software process/mode) or an interrupt driven service routine (mode) 
based on the detection of a network attack (col. 2, lines 30-57). The teachings of Joyce 
are silent in disclosing of enabling a rate limiting operating mode when a threshold is 
exceeded. Gleichauf et al discloses of controlling the usage rate of computer resources 
to process traffic (packets)(col. 8, lines 27-32,49-52, & 58-62). It would have been 
obvious to a person of ordinary skill in the art at the time of the invention to have been 
motivated to apply means for controlling the usage rate of computer resources. 
Gleichauf et al discloses of motivation for the limiting of usage rates of computer 
resources by reciting system services can be prioritized based on the importance of the 
services and to be able to adapt to a changing network environment by maintaining a 
sufficient level of security (col. 3, lines 21-24 and col. 8, lines 49-56). It is obvious that 
the teachings of Joyce would have found the teachings of Gleichauf et al beneficial in 
the aspect of being able to maintain a sufficient level of security in a changing network 
environment. 
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As per claim 30, the teachings of Joyce disclose of selectively process the packet 
using a heuristic stage (software process/mode) or an interrupt driven service routine 
(mode) based on the detection of a network attack (col. 2, lines 30-57). The teachings 
of Joyce fail to disclose of a software process controlling the usage rate of computer 
resources to process packets. It is disclosed by Gleichauf et al of a software process 
controlling the usage rate of computer resources to process traffic (packets)(col. 8, lines 
27-32,49-52, & 58-62). It would have been obvious to a person of ordinary skill in the 
art at the time of the invention to have been motivated to apply means for controlling the 
usage rate of computer resources. Gleichauf et al discloses of motivation for the 
limiting of usage rates of computer resources by reciting system services can be 
prioritized based on the importance of the services and to be able to adapt to a 
changing network environment by maintaining a sufficient level of security (col. 3, lines 
21-24 and col. 8, lines 49-56). It is obvious that the teachings of Joyce would have 
found the teachings of Gleichauf et al beneficial in the aspect of being able to maintain a 
sufficient level of security in a changing network environment. 

As per claim 31 , the teachings of Gleichauf et al disclose of a software process 
that controls the usage rate of computing resources by determining an execution period 
that the software process has executed and pausing execution of the software process 
for a sleep period when the execution period exceeds a threshold (col. 8, lines 27- 
32,49-52, & 58-62). Please refer above for the motivational benefits of applying the 
teachings of Gleichauf et al to the teachings of Joyce. It is interpreted that a context 
switch is not used within the teachings of Gleichauf et al since it is not disclosed. 
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As per claim 32, Gleichauf et al discloses of the software process dynamically 
adjusting the sleep period during the network attack (col. 8, lines 27-32,49-52, & 58-62). 
Please refer above for the motivational benefits of applying the teachings of Gleichauf et 
al to the teachings of Joyce. 

Conclusion 

8. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

Gleichauf et al, U.S. Patent 6,816,973 discloses of disabling resources when the 
usage rates exceed a particular level. 

Gleichauf et al, U.S. Patent 6,499,107 discloses of disabling resources when the 
usage rates exceed a particular level. 

9. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Christopher A. Revak whose telephone number is 571- 
272-3794. The examiner can normally be reached on Monday-Friday, 6:30am-4:00pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on 571-272-3795. The fax phone number for 
the organization where this application or proceeding is assigned is 703-872-9306. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 



Christopher Revak 
AU213-U 
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